A self-sustaining “Leak and Crack” forum, where users advertise and share breached databases, stolen credentials and pirated software, is leaking the IP addresses of its registered users to the open web, security researchers have found.
Leak Zone left an Elasticsearch database exposed to the internet without a password, according to researchers at UpGuard. In a blog post shared with TechCrunch before its publication, the researchers said they discovered the database on July 18 and found that its data was accessible to anyone with a web browser.
The exposed database included more than 22 million records, each storing the IP address of a Leak Zone user and an exact timestamp.
While the records were not linked to individual users, the data could be used to identify users who logged in to Leak Zone without using anonymity tools. Some of the records seen by TechCrunch show whether a user is believed to have connected through a proxy, such as a VPN, which can help hide the user's real-world location.
Leak Zone, which gained popularity in 2020, advertises access to a “huge collection of leaks ranging from databases to cracked accounts”, referring to stolen credentials used to log in to a person’s online accounts. The forum also offers a marketplace that explicitly promotes “illegal services”, according to the website. A page on the Leak Zone website claims that the forum has more than 109,000 users.
According to UpGuard, 95% of the records in the exposed database relate to Leak Zone logins. The other records reference accounts associated with Accountbot, another site that sells access to compromised accounts used for streaming services.
TechCrunch verified that the exposed database was recording users logging in to Leak Zone by creating a new account and logging in to the site. A corresponding record immediately appeared in the exposed database, containing our IP address and a timestamp of the exact moment we logged in.
It is not known why the database was publicly exposed. Human error or misconfiguration is often the cause of data exposures, rather than malicious action.
TechCrunch was unable to contact Leak Zone's administrators for comment, as the forum software denied our ability to send them messages. It is not clear whether Leak Zone's administrators are aware of the exposure or whether they intend to alert their users to the security lapse.
The database is no longer online, UpGuard told TechCrunch.
In recent years, U.S. and international authorities have increasingly targeted cybercrime forums and sites for their roles in facilitating piracy, identity theft and other criminal activity. This week, Europol announced that it had arrested the alleged administrator behind XSS.IS, a long-running Russian cybercrime forum, which authorities also seized as part of a takedown operation.
